Title | DoS Exploitation of Allen-Bradley's Legacy Protocol Through Fuzz Testing |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Tacliad, Francisco, Nguyen, Thuy D., Gondree, Mark |
Conference Name | Proceedings of the 3rd Annual Industrial Control System Security Workshop |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-6333-4 |
Keywords | composability, ethernet/ip, Fuzz Testing, industrial control system, Metrics, MicroLogix, Networked Control Systems Security, pubcrawl, resilience, Resiliency |
Abstract | EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the EtherNet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announced this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing. |
URL | http://doi.acm.org/10.1145/3174776.3174780 |
DOI | 10.1145/3174776.3174780 |
Citation Key | tacliad_dos_2017 |